Categories & Search

Industry: Media, Entertainment & Sports

COVID-19 Cyber Risks Continue to Grow

As we previously detailed, the coronavirus pandemic has expanded opportunities for nefarious actors to exploit the digital vulnerabilities of individuals, local governments, industries, organizations, and essential services as they rapidly adapt to the public health crisis. Recent reports have confirmed that attacks and cyber scams associated with the pandemic are in fact on the rise.

Go

Governmental Organizations Across the Globe Warn of Enhanced Cyber Threat Environment Related to COVID-19

In recent weeks, we have seen growing threats to cybersecurity and privacy from malicious actors seeking to exploit the COVID-19 pandemic. As companies transition their employees to remote working and focus their efforts on core business continuity, hackers are actively targeting companies’ cloud-based remote connectivity, lack of multi-factor authentication, and potentially insecure digital infrastructure to exploit vulnerabilities. The need for robust cybersecurity measures is more pressing than ever, and governmental organizations are issuing calls to action.

Go

New York’s SHIELD Act Heads to the Governor’s Desk

The New York State Senate recently passed The Stop Hacks and Improve Electronic Data Security Act, or SHIELD Act, leaving only the Governor’s signature as the final step to the SHIELD Act becoming the country’s newest—and one of the most stringent—breach notification laws.  Given Governor Cuomo’s previous support for robust cybersecurity protections, New York may soon join a growing number of states beefing up their notification statutes.

Go

Las Vegas Shooting Lawsuits: How They Will Impact the Cybersecurity World

Last week, MGM Resorts International filed nine pre-emptive lawsuits against the victims of last year’s mass shooting at the Mandalay Bay Hotel in Las Vegas.  MGM, owner of the Mandalay, is asking federal courts around the country to declare that the company is not liable “for any claim for injuries arising out of or related to” the mass attack. 

Go

Facebook Gears Up for High Stakes Biometric Trial

In one of the first major tests of the Illinois biometric data privacy law, Facebook is headed to trial this summer over allegations that the social media giant unlawfully collects user data with its photo tagging function. Last week, U.S. District Judge James Donato denied cross motions for summary judgment in a class action pending in Northern California, noting the “multitude of fact disputes in the case.”

Go

Wearable Technology Fits into Professional Sports

Professional athletes, teams, and leagues have embraced wearable technology.  But as this new technology becomes ubiquitous, a new category of valuable—and personally sensitive—data has emerged, raising novel data security issues and incentives for would-be hackers.

Go

The Supreme Court Punts on Clarifying the Computer Fraud and Abuse Act

The federal Computer Fraud and Abuse Act of 1986 (“CFAA”) has generated controversy and disagreement among courts and commentators regarding the scope of its application.  The statute, 18 U.S.C. § 1030, which provides for both criminal and civil penalties, prohibits accessing a computer or protected computer “without authorization” or in a manner “exceeding authorized access.”  Courts are divided as to the meaning of these phrases, yet the U.S. Supreme Court recently declined the opportunity to resolve the circuit split that has developed, leaving the exact scope of this important statute in question.

Go

Hackers Target the Bottom Line: Business Operations and Earnings

Over the past several years, we have witnessed a fundamental shift in orchestrated cyber-attacks from hacking credit card data and healthcare information to targeting businesses, their operations and bottom lines.

Go

The Computer Fraud and Abuse Act Will Need To Wait Another Day In New York’s Commercial Division

Justice Shirley Kornreich recently issued one of the few New York state court decisions  that address the Computer Fraud and Abuse Act (“CFAA”).  Spec Simple, Inc. v. Designer Pages Online LLC,  No. 651860/2015, 2017 BL 160865 (N.Y. Sup. Ct. May 10, 2017).  The CFAA criminalizes both accessing a computer without authorization and exceeding authorized access and thereby obtaining information from any protected computer.  Id. at *3 (citing 18 U.S.C. § 1030(a)(2)(C)). The CFAA also provides a civil cause of action to any person who suffers damage or loss because of a violation of the CFAA.  Id. at *4 (citing 18 U.S.C. § 1030(g)).  As discussed below, the decision provides a helpful look into the interpretation of CFAA claims in the future.

Go

Digital Divide Deepens: Tech Community Backs Second Circuit in Clash with Magistrates over Reach of U.S. Warrants

The technology community took aim at a recent federal magistrate’s ruling that ordered Google Inc. to comply with search warrants seeking customer emails stored on servers abroad, calling the decision “an impermissible extraterritorial application of U.S. law.” In rejecting a recent federal appeals court decision in a similar case in favor of Microsoft Corp., U.S. Magistrate Thomas J. Reuter in Philadelphia ruled that transferring emails from a foreign server to the U.S. was not tantamount to a seizure beyond American borders. The technology companies urged the court to reject the “fiction that such a foreign search and seizure is a domestic act….”

Go

Second Circuit Court of Appeals Denies Rehearing in Microsoft Case

Back in December 2013, a U.S. magistrate issued a seemingly routine warrant in a narcotics case demanding that Microsoft turn over messages from a customer’s email account that resided on a server in Ireland.  That warrant, which issued under a 1986 law called the Stored Communications Act (“SCA”), 18 U.S.C. § 2703, is still being debated today.

Go

FTC Slaps Down ALJ’s Data Security Ruling in LabMD, Sets Broad Mandate for Protection of “Sensitive” Consumer Data

In a sweeping statement of its data security expectations for organizations that maintain consumer information, the Federal Trade Commission on Friday found that LabMD, the defunct medical testing lab, failed to employ adequate data security safeguards in violation of Section 5 of the FTC Act, even though there was no indication that any information had been misused or compromised.

Go

Lessons from LinkedIn: Privacy and Data Security Representations in the M&A Context

Microsoft’s blockbuster acquisition of LinkedIn earlier this month—a deal where concerns for privacy and data security loomed large—provides a glimpse into the growing trend of including separate privacy and data security representations in merger and acquisition agreements.  Because the trend is so recent, there is no consensus or standard practice at this point for drafting these representations.  The LinkedIn privacy and data security representation is a good example of the evolving nature of these representations.

Go

LabMD’s Waiting Game: Lingering Questions over FTC’s Authority in Data Security Matters

A contentious legal battle over data security between the Federal Trade Commission and LabMD, a small medical testing lab, is chronicled in the latest edition of Bloomberg Businessweek.  Dune Lawrence’s report raises lingering questions about the FTC’s prosecution of a now-defunct company, tampered evidence and regulatory overreach.

Go

Federal Appeals Court Set to Issue One of the Most Important Privacy Rulings in a Generation

For months, the technology and business communities have been waiting anxiously for a Federal appeals court ruling on whether American companies can be forced to turn over customer information to U.S. law enforcement when that information is stored on servers abroad.  It’s the result of a legal appeal filed last year by Microsoft Corporation that was argued before the U.S. Court of Appeals for the Second Circuit more than seven months ago.

Go

Traditional General Liability Policy Covers Medical Records Mishap

A U.S. appeals court yesterday held that a traditional corporate general liability policy triggered an insurer’s duty to defend a class action lawsuit alleging that a medical records company failed to properly secure patient records on its server.

Go

On the Front Lines of Cybersecurity: The Corporate Challenge

Recent surveys tell us that cybersecurity is the top risk faced by corporate America.  The Bank Director’s 2016 Risk Practices survey – out yesterday – disclosed that three quarters of bank executives and board members believe cybersecurity is their top concern.  And their general counsel agree.  In another recent study, general counsel said that cybersecurity was their top area of organizational risk as well.

Go

FTC Reviews Case Over Legal Standard For Data Security Enforcement Action

Faced with the prospect of overturning a decision by one of its own administrative law judges, the Federal Trade Commission on Tuesday explored ways in which to render a narrow decision.  The argument was the most recent chapter in the long running data security enforcement action against LabMD, the now defunct medical testing laboratory.

Go

CISA Is Now Law—What It Means for Your Organization

After several fits and starts, Congress finally passed the Cyber Information Sharing Act of 2015 (CISA) as part of the omnibus budget bill.  President Obama signed the bill into law on December 18, 2015.

Go

The Privilege of PR: Application of the Attorney-Client Privilege to Crisis Communications and Public Relations in Breach Response Planning

Cyber-attacks have become a matter of everyday reality for all businesses: regardless of industry or size, it is no longer if a data breach will happen, but when.  And waiting for a breach to occur before designing and implementing a cyber incidence response plan is generally a recipe for disaster.  

Go

FTC Blasted in LabMD Data Security Case

In a long-running and highly contentious data security enforcement action against LabMD, a small medical testing laboratory, the Federal Trade Commission was handed a stunning defeat late Friday.  In a 92-page Initial Decision, Chief Administrative Law Judge D. Michael Chappell dismissed the FTC’s case against LabMD – after a full administrative trial – based on the Commission’s failure to prove it was “likely” that consumers had been substantially injured in two alleged data security incidents dating back nearly seven years.

Go

Department of Homeland Security: “The C-Suite and Cybersecurity”

Federal and state cybersecurity agencies teamed up last week for a two-day summit focused on the evolving nature of cybersecurity threats to New Jersey businesses.  The event was sponsored by the U.S. Department of Homeland Security’s (“DHS”) Critical Infrastructure Cybersecurity Voluntary Program and The New Jersey Office of Homeland Security and Preparedness.

Go

Second Circuit Hears Argument in Microsoft Appeal: How Far Does a U.S. Warrant Reach?

In a 90-minute hearing earlier today, Microsoft Corp. asked the Second Circuit Court of Appeals to reverse a district court decision forcing the technology giant to turn over customer email traffic residing on a server in Ireland. American companies with data centers located outside the U.S., as well as privacy advocates and media organizations are closely watching this case.  During the argument, the Court acknowledged that the “implications of its ruling would be broad.”

Go

Steering Clear of Broken Promises

With last week’s ruling by the Third Circuit Court of Appeals in FTC v. Wyndham Worldwide Corp. solidifying the Federal Trade Commission’s authority to enforce data security practices, organizations that use online computers to store customer information should take notice.  Since 2005, the FTC has stepped up its enforcement efforts and has entered into more than 50 consent decrees relating to cybersecurity matters.  

Go